Amendments to the claims:

Listing of all claims pursuant to 37 CFR 1.121(c) 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

What is claimed is: 

1. (Currently amended) In a computer system operating under control of an 
operating system supporting interprocess communication, a method for controlling 
interprocess communication occurring between an application executing on the computer 
system and a service provided by the operating system, the method comprising: 

defining rules indicating which system services of the operating system a given 
application can invoke using interprocess communication to invoke said system services; 

trapping an attempt by a particular application to invoke a particular system 
service; 

identifying the particular application that is attempting to invoke the particular 
system service; and 

based on identity of the particular application and on the rules indicating which 
system services a given application can invoke, blocking the attempt when the rules 
indicate that the particular application cannot invoke the particular system service. 

2. (Original) The method of claim 1, wherein said trapping step includes 
intercepting operating system calls for invoking the particular system service. 

3. (Original) The method of claim 1, wherein said trapping step includes 
intercepting local procedure calls for invoking the particular system service. 

4. (Original) The method of claim 1, wherein said trapping step includes 
intercepting an attempt to open a communication channel to the particular system service. 

5. (Original) The method of claim 1, wherein said trapping step includes 
rerouting an attempt to invoke the particular system service from a system dispatch table 
to an interprocess communication controller for determining whether to block the attempt 
based on the rules. 

6. (Original) The method of claim 5, wherein said step of rerouting attempts to 
invoke the particular system service from a dispatch table to the interprocess 
communication controller includes replacing an original destination address in the system 
dispatch table with an address of the interprocess communication controller. 

7. (Original) The method of claim 6, further comprising the steps of: 
retaining the original destination address; and 

using the original destination address for invoking the particular system service if 
the interprocess communication controller determines not to block the attempt. 

8. (Original) The method of claim 1, wherein the rules specifying which system 
services a given application can invoke are established based on user input. 

9. (Original) The method of claim 1, wherein the step of blocking the attempt is 
based upon consulting a rules engine for determining whether the particular application 
can invoke the particular system service. 

10. (Original) The method of claim 1, wherein the step of blocking the attempt 
includes obtaining user input as to whether the particular application can invoke the 
particular system service. 

11. (Original) The method of claim 10, wherein said step of obtaining user input 
as to whether the particular application can invoke the particular system service includes 
the substeps of: 

providing information to the user about the particular application that is 
attempting to invoke the particular system service; and 

receiving user input as to whether the particular application should be blocked 
from invoking the particular system service. 

12. (Original) A computer-readable medium having computer-executable 
instructions for performing the method of claim 1. 

13. (Previously presented) The method of claim 1, further comprising: 
downloading a set of computer-executable instructions for performing the 
method of claim 1. 

14. (Currently amended) In a computer system operating under control of an 
operating system supporting interprocess communication, a method for regulating 
communications between processes that attempt to use said interprocess communication, 
the method comprising: 

defining a policy specifying whether one process may use interprocess 
communication of the operating system to communicate with another process; 

intercepting an attempt by a first process to communicate with a second process; 

identifying the first process that is attempting to communicate with the second 
process; 

identifying the second process; 

based on said policy, determining whether the first process may communicate 
with the second process; and 

allowing the first process to communicate with the second process if said policy 
indicates that the first process may communicate with the second process. 

15. (Original) The method of claim 14, wherein the first process comprises an 
instance of an application program. 

16. (Original) The method of claim 14, wherein the second process comprises a 
system service. 

17. (Original) The method of claim 14, wherein said intercepting step includes 
intercepting operating system calls made by the first process to attempt to communicate 
with the second process. 

18. (Original) The method of claim 14, wherein said intercepting step includes 
detecting local procedure calls. 

19. (Original) The method of claim 14, wherein said intercepting step includes 
detecting an attempt by the first process to open a communication channel to the second 
process. 

20. (Original) The method of claim 14, wherein said intercepting step includes 
rerouting attempts by the first process to communicate with the second process from a 
system dispatch table to an interprocess communication controller. 

21. (Original) The method of claim 14, wherein said step of identifying the 
second process includes evaluating parameters of the attempt made by the first process to 
communicate with the second process. 

22. (Original) The method of claim 14, wherein said policy specifies particular 
processes to be protected from communications made by other processes. 

23. (Original) The method of claim 14, further comprising: 
providing for a process to be registered in order to be protected from 
communications made by other processes; and 

determining whether to allow the first process to communicate with the second 
process based, at least in part, upon determining whether the second process is registered. 

24. (Original) The method of claim 23, wherein said determining step is based, at 
least in part, on the type of communication the first process is attempting with the second 
process. 

25. (Currently amended) In a computer system operating under control of an 
operating system supporting interprocess communication, a method for controlling 
interprocess communications from one application to another, the method comprising: 

registering a first application to be protected from interprocess communications of 
other applications; 

detecting an attempt to access the first application using interprocess 
communication; 

identifying a second application that is attempting to access the first application 
using interprocess communication; and 

rerouting the attempt to access the first application through an interprocess 
communication controller that determines whether to allow the attempt, based on rules 
indicating whether the second application may access the first application using 
interprocess communication. 

26. (Original) The method of claim 25, wherein said registering step includes 
supplying rules specifying particular communications from which the first application is 
to be protected. 

27. (Original) The method of claim 26, wherein the interprocess communication 
controller determines whether to allow the attempt based, at least in part, upon the rules 
specifying particular communications from which the first application is to be protected. 

28. (Original) The method of claim 25, wherein said detecting step includes 
intercepting operating system calls for accessing the first application. 

29. (Original) The method of claim 25, wherein said detecting step includes 
detecting a graphical device interface (GDI) message sent to the first application. 

30. (Original) The method of claim 29, wherein said identifying step includes 
evaluating parameters of the message sent to the first application. 

31. (Original) The method of claim 25, wherein said detecting step includes 
detecting an attempt to send keystroke data to a window of the first application. 

32. (Original) The method of claim 25, wherein said detecting step includes 
detecting an attempt to send mouse movement data to a window of the first application. 

33. (Original) The method of claim 25, wherein said rerouting step includes 
rerouting the attempt to access the first application from a system dispatch table to the 
interprocess communication controller. 

34. (Original) The method of claim 25, wherein said rules indicating whether the 
second application may access the first application includes rules indicating particular 
types of communications which are allowed. 

35. (Original) The method of claim 25, further comprising: 

if the interprocess communication controller allows the attempt to access the first 
application, routing the attempt to the first application. 

36. (Currently amended) A system for regulating interprocess communication 
between applications, the system comprising: 

a computer having at least one processor, said computer operating under control 
of an operating system providing interprocess communication; 

a policy specifying applications that are permitted to communicate with a first 
application using interprocess communication; 

a module for detecting a second application attempting to communicate with the 
first application using interprocess communication; and 

an interprocess communication controller for identifying the second application 
attempting to communicate with the first application and determining whether to permit 
the communication based upon the identification of the second application and the policy 
specifying applications permitted to communicate with the first application. 

37. (Original) The system of claim 36, wherein said policy includes rules 
indicating particular types of communications which are permitted. 

38. (Original) The system of claim 36, further comprising: 

a rules engine for specifying applications that are permitted to communicate with 
the first application using interprocess communication. 

39. (Original) The system of claim 36, further comprising: 
a registration module for establishing said policy. 

40. (Original) The system of claim 39, wherein said registration module provides 
for identifying applications to be governed by said policy. 

41. (Original) The system of claim 36, wherein said module for detecting a 
second application detects an operating system call to open a communication channel to 
the first application. 

42. (Original) The system of claim 36, wherein said module for detecting a 
second application detects a graphical device interface (GDI) message sent to the first 
application. 

43. (Original) The system of claim 36, wherein said module for detecting a 
second application detects a local procedure call attempting to access the first application. 

44. (Original) The system of claim 36, wherein said module for detecting a 
second application redirects attempts to communicate with the first application to the 
interprocess communication controller. 

45. (Original) The system of claim 36, wherein said module for detecting a 
second application reroutes the attempt to communicate with the first application from a 
dispatch table to the interprocess communication controller. 

46. (Original) The system of claim 36, wherein said interprocess communication 
controller determines whether to permit the communication based, at least in part, upon 
evaluating parameters of the attempt made by the second application to communicate 
with the first application. 

47. (Original) The system of claim 36, wherein said interprocess communication 
controller determines whether to permit the communication based upon obtaining user 
input as to whether to permit the second application to communicate with the first 
application. 
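
The rerouting recited in claims 5 to 7 (replace a dispatch table entry with the controller's address, retain the original address, forward to it only when the rules allow) can be illustrated with a user-mode simulation; this is an added example, not part of the claim listing or any code of the applicant. The service functions, application names and the practice of passing the caller's name as an argument are assumptions made for illustration; an actual controller would obtain the caller's identity from the operating system.

```c
#include <stddef.h>
#include <string.h>

#define NUM_SERVICES 2
#define STATUS_ACCESS_DENIED (-1)
typedef int (*service_fn)(const char *caller, int arg);

/* Constructed stand-ins for two system services. */
static int svc_open_channel(const char *caller, int arg) { (void)caller; return arg + 100; }
static int svc_query_time(const char *caller, int arg) { (void)caller; return arg + 200; }
/* Simulated system dispatch table: service number -> handler address. */
static service_fn dispatch_table[NUM_SERVICES] = { svc_open_channel, svc_query_time };
/* Original destination addresses retained by the controller (claim 7). */
static service_fn original[NUM_SERVICES];

/* Rules: which application may invoke which service (claim 1); default deny. */
struct rule { const char *app; int service; };
static const struct rule rules[] = { {"editor.exe", 0}, {"editor.exe", 1}, {"clock.exe", 1} };
static int rule_allows(const char *app, int service) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (rules[i].service == service && strcmp(rules[i].app, app) == 0) return 1;
    return 0;
}

/* Controller: consult the rules, then block or forward to the retained original. */
static int controller(int service, const char *caller, int arg) {
    if (!rule_allows(caller, service)) return STATUS_ACCESS_DENIED;
    return original[service](caller, arg);
}
/* One thunk per slot, because a table entry carries no service number. */
static int hook_0(const char *c, int a) { return controller(0, c, a); }
static int hook_1(const char *c, int a) { return controller(1, c, a); }

/* Replace each table entry with the controller's address (claim 6). */
void install_controller(void) {
    static const service_fn hooks[NUM_SERVICES] = { hook_0, hook_1 };
    for (int i = 0; i < NUM_SERVICES; i++) {
        if (dispatch_table[i] == hooks[i]) continue; /* already rerouted */
        original[i] = dispatch_table[i];
        dispatch_table[i] = hooks[i];
    }
}

/* An application's call path: every invocation goes through the table. */
int invoke_service(int service, const char *caller, int arg) {
    if (service < 0 || service >= NUM_SERVICES) return STATUS_ACCESS_DENIED;
    return dispatch_table[service](caller, arg);
}
int main(void) { install_controller(); return invoke_service(0, "clock.exe", 1) == STATUS_ACCESS_DENIED ? 0 : 1; }
```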